Path traversal: what do you need to know about it?


What is Path Traversal, also called Directory Traversal? It is an attack method in which a hacker accesses files and directories that are kept outside a web application's document root directory. By manipulating variables that reference files with "dot-dot-slash (../)" sequences and their variations, or by using absolute file paths, the hacker may gain access to arbitrary files and directories stored on the file system, including application source code, configuration, and critical system files.

A hacker manipulates a URL to make the website reveal or execute the content of arbitrary files stored on the web server, wherever they are located. Any device that exposes an HTTP-based interface is therefore a potential target for this type of attack. Path traversal attacks can target the web application code or the web server itself.

Path traversal: methodology

Depending on how website access is set up, the attacker's requests are executed with the privileges of the user account associated with the website. What can be reached therefore depends on what that account has been given access to on the system.

Most commonly, user access is limited to the CGI root or web document root directory, which holds the files that users need to access and that web applications need to function. Hackers use special character sequences to reach files or run commands elsewhere on the file system.

For example, the special character sequence "../" is often used by hackers to change the resource location requested in the URL. The ".." part instructs the system to go one folder or directory up. Likewise, using the sequence twice ("../../") goes two directories up. This is the most basic type of path traversal attack. To evade security filters that look for this sequence, a hacker may use variations of it: valid or invalid Unicode encodings of the backslash or forward slash character, URL-encoded characters, or double URL encoding of the backslash character, in order to obtain information from files.

Path traversal: how can I protect myself?

In many cases the web server properly restricts path traversal attempts that involve the URL path. However, a web application may still be open to such attacks because it mishandles input provided by the user. As a result of such attacks, the server may divulge source code.
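The following added example, which is not part of the original article, shows one way a web application can handle a user-supplied file name: it undoes layered URL encoding, normalises backslashes, and confirms that the resolved path stays inside the document root. The function names and the sample requests are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

class TraversalError(ValueError):
    """The requested path would leave the document root."""

def fully_decode(value, max_rounds=5):
    """Undo layered percent-encoding, e.g. %252e -> %2e -> '.'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise TraversalError("too many encoding layers")

def resolve_under_root(root, requested):
    """Return the real path of `requested` inside `root`, or raise."""
    path = fully_decode(requested).replace("\\", "/")
    if "\x00" in path:
        raise TraversalError("NUL byte in path")
    # Reject absolute paths, including Windows drive letters (C:...).
    if path.startswith("/") or path[1:2] == ":":
        raise TraversalError("absolute path")
    root_real = os.path.realpath(root)
    # realpath collapses ../ and follows symlinks before the comparison.
    target = os.path.realpath(os.path.join(root_real, path))
    if os.path.commonpath([root_real, target]) != root_real:
        raise TraversalError("escapes document root")
    return target

def check(root, requested):
    """Report the decision for one request as a short string."""
    try:
        resolve_under_root(root, requested)
        return "allowed"
    except TraversalError as exc:
        return f"blocked: {exc}"

if __name__ == "__main__":
    # Constructed sample requests, not taken from real traffic.
    samples = ["images/logo.png", "docs/../index.html", "../../etc/passwd",
               "..%2f..%2fetc%2fpasswd", "%252e%252e%252fetc%252fpasswd",
               "..\\..\\windows\\win.ini", "/etc/passwd"]
    with tempfile.TemporaryDirectory() as docroot:
        for req in samples:
            print(f"{req!r:40} {check(docroot, req)}")
```

The comparison is made on the resolved path rather than on the raw string, so a filter that only searches for the literal "../" is not what the decision depends on.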

There are some basic rules that help you avoid path traversal attacks. For example, creating virtual jail environments on Unix platforms helps keep users safe. It is also very important to check your website for vulnerabilities. You can do this with Swascan Vulnerability Assessment. The scanner crawls the entire website to check for vulnerabilities and then prepares a detailed report that suggests how to fix them. Such scanners have the further advantage that they can also check the website for SQL injection, cross-site scripting, and similar vulnerabilities.

In order to ensure absolute protection, Swascan developed a unique Vulnerability Assessment tool.


It spots all the vulnerabilities of a website or web application (including SQLi) and helps you fix them.



To give your business the best tool available, Swascan developed a special cybersecurity platform (Premio Cisco-Marzotto winner). It is completely cloud-based, pay-per-use, and SaaS. You can see for yourself in our brochure (Cybersecurity platform) and have an in-depth look at our services. Our four services cover all governance needs in terms of risk management and periodic assessment. If you need to understand the areas on which your efforts must focus, Vulnerability Assessment, Network Scan, Code Review and GDPR Self-Assessment are the right tools for you. Last but not least, don't forget GDPR: our platform is 100% GDPR compliant (GDPR infographic).
